TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: November 26, 2018 - TIBCO Statistica Server
TIBCO Statistica Server Vulnerable to Cross Site Scripting
Original release date: November 26, 2018
Source: TIBCO Software Inc.
- TIBCO Statistica Server versions 13.4.0 and below
The following component is affected:
- web application of TIBCO Statistica
The component listed above contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.
The impact of this vulnerability includes the theoretical possibility that an authenticated user could escalate privileges to gain administrative access to the web interface of the affected component.
CVSS v3 Base Score: 7.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO Statistica Server version 13.4.0 and below update the TIBCO Statistica component to 13.5.0 or above